Responses to Intrusions
This section describes the mechanisms that the sensor has at its disposal when confronted by an attack. Rather than simply logging the event and passing the information on to the management console, the sensor can react. It can respond to a detected signature in the following ways:
No action
Shun
Log
Shun and log
TCP reset
TCP reset and shun
TCP reset and log
TCP reset, shun, and log
The sensors can be configured to respond to various types of alarms using any one of the mechanisms listed here. For example, a sensor can be set up to respond to level 4 alarms with a TCP reset and log and to level 5 alarms with a TCP reset, shun, and log (a stricter response).
NOTE
Although IOS routers, PIX Firewalls, and the IDSM ...